Make consolehelper more liske sudo?
David Zeuthen
davidz at redhat.com
Thu Mar 3 21:19:52 UTC 2005
On Thu, 2005-03-03 at 16:01 -0500, Matthew Miller wrote:
>I don't consider date/time to be "end user". That should be managed through
>ntp, which shouldn't be just tweaked at the whim of whoever sits down at the
>box. (Setting the *user's* timezone is a different issue.)
You need to be able to change timezone when traveling. User may also not
be on a network so you cannot rely on a NTP server.
>Display, sound, and local printing should Just Work, and network where
>possible. I'll not touch the details of printer configuration right now. :)
>
Heh :-)
>Software installation *definitely* needs some sort of authentication and
>special privilege. Sure, this needs to be made so it's not intimidating, but
>we also shouldn't shoot ourselves in the head.
I knew this would come up :-)
o Why should installing updates and software that is *signed*
by a key that the admin chooses to trust require root?
o IIRC you can already install "software" as a non-privileged user
for e.g. Firefox - my point is that there is more to installing
software than just RPM
In all cases we of course need to guard against viruses and malware so
only certain trusted programs are allowed to do these actions. SELinux
and D-BUS can help here, e.g. we might use a SE-Linux label for
system-config-packages (and make sure LD_PRELOAD exploits are not
possible) that allows interaction with a root process via D-BUS that
performs the installation.
David
More information about the Fedora-desktop-list
mailing list